Extracted

• • Target

    18e07c4772a2687ee06a434ffef9572f.exe

  • Size

    7.6MB

  • MD5

    18e07c4772a2687ee06a434ffef9572f

  • SHA1

    ff1a7e4f53efdbd0935bcf8a8dac338ea96c9dbe

  • SHA256

    ef509cb0a60d929e4f0acd3696e724397dc8113170df0ef478ea2afaae7800d8

  • SHA512

    8795a49d7c5993f24a290e9d5f9299871af4ffd51a66b0656bf0057cdc15b1286350aae55be7b69cec660df1353f5a4dffdc08004a1b447b1b75e5645ac6188b

  • SSDEEP

    196608:eMoIG1kQ7PENK4JQp9ny9MK07ZMCmPSxF:gJB7PGqKMKeBm4F

  Score

  10^/10

  bitratxenarmorpasswordrecoverytrojanupx

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2